Method and system for conducting a transaction using a proximity device

ABSTRACT

A proximity device transmits a first dynamic authentication value contactlessly to a terminal. The first authentication value is included in a discretionary data field of message data arranged in an ISO Track  1  and/or ISO Track  2  formal Message data is sent from the terminal to an issuer. The issuer separately derives a second authentication value and compares it with the first authentication value.

PRIORITY AND RELATED APPLICATION

This application claims priority to U.S. provisional application60/365,737 filed on Mar. 19, 2002, entitled “Proximity Chip PaymentSpecification,” which is hereby incorporated by reference.

BACKGROUND OF THE INVENTION

Magnetic stripe cards are often used today for conducting transactionssuch as debit and credit payments. Such payment cards store informationin “tracks”—commonly denoted as “Track 1,” “Track 2,” and “Track 3”—onthe magnetic stripe. When such payment cards are swiped through a cardreader, data from the tracks is sent over a network to complete atransaction. Such cards typically also include an authentication valueprinted on the card and an authentication value (which is usuallydifferent from the printed value) stored in the magnetic stripe, both ofwhich help to protect against fraud. On a typical MasterCard™ card, theauthentication value stored in the magnetic stripe is called CVC1, andthe printed authentication value is called CVC2. The printedauthentication value does not get transferred to carbon copy paper whena magnetic stripe card is run through an imprinter to make a mechanicalcopy of the card. Because of this, a duplicate of the card cannotreadily be made from the account information transferred to a sales slip(i.e., account number, cardholder name, and expiration date). Fortelephone or internet purchases where a purchaser is not in the presenceof a merchant, the printed value is especially useful to protect againstfraud because only the person in possession of the card can verify theprinted value to the merchant.

When a transaction involving a magnetic stripe card is conducted using aterminal, the terminal reads the information stored on at least one ofthe tracks of the credit card. Currently, most terminals read Track 1and/or Track 2 of the magnetic stripe. The tracks are formattedaccording to standards promulgated by the International Organization forStandardization (ISO). The relevant ISO standards specify the requireddata elements to be included on the tracks including, for example, thecredit card holder's primary account number, a service or country code,the account holder's name, and a longitudinal redundancy check value. Inaddition to the foregoing specified data elements, the relevant ISOstandards also reserve a data field for use at the discretion of thecard issuer. This field is called the “discretionary data field.” Cardissuers typically store an authentication value in the discretionarydata field. On MasterCard cards, the CVC1 value is stored in thediscretionary data field.

Unfortunately, the static nature of a conventional authentication value(whether printed or stored in the magnetic stripe) increases the risk offraud, because if an unauthorized person obtains the account informationand the printed authentication value, that person has all theinformation required to fabricate a duplicate card.

One approach to reducing the risk of fraud is to use smart cards orintegrated circuit cards, which include internal processingfunctionality, to produce dynamic authentication values. To date,however, smart card technology has used digital signature schemes basedon public key cryptography techniques. Such an approach is costly andinconvenient because it requires cards and terminals that must performcryptographic functions and requires management of public keys.Furthermore, this approach requires the costly modification of and/oraddition to the existing payment network infrastructure that currentlyexists, because the existing infrastructure has been designed forprocessing magnetic stripe payment cards.

A need therefore exists for better, more cost-effective security forpayment card transactions.

OBJECTS AND SUMMARY OF THE INVENTION

This invention addresses the above-described drawbacks of the prior artby using a dynamic authentication value—preferably generatedcryptographically—which is placed in the discretionary data field of aan ISO standard track (preferably, Track 1 and/or Track 2) data field bya proximity device or by a terminal, and is transmitted from theterminal to the issuer of the card or other proximity device being usedto conduct a transaction. Along with the dynamic authentication value,the discretionary data field also includes other data to be used by anissuer for verifying the transaction. Preferably, the dynamicauthentication value is not the same as the static authenticationprinted on a magnetic stripe card, but instead, changes with eachtransaction. As a result, even if an unauthorized person obtains anauthentication value used for a particular transaction, the unauthorizedperson could not use that authentication value for other transactions.Furthermore, because the authentication data is stored in analready-defined field of Track 1 and/or Track 2 in the specified binarycoded decimal (BCD) format, the existing payment card networkinfrastructure can be used with little or no modification.

In accordance with one aspect of the present, a transaction is conductedusing a proximity device by the following steps: dynamically generatinga first authentication value; transmitting the first authenticationvalue from the proximity device to a terminal; including the firstauthentication value in a discretionary data field of message data, themessage data being arranged in an ISO format; and transmitting themessage data from the terminal for verification. Preferably, the messageis arranged in an ISO Track 1 or ISO Track 2 format.

In accordance with an additional aspect of the present invention, atransaction is conducted using a proximity device by the followingsteps: generating a random number; transmitting an authenticationcommand contactlessly from the terminal to the proximity device, theauthentication command including the random number; dynamicallygenerating first authentication value using a first authentication keyby the proximity device to derive the first authentication value fromdata comprising at least the random number; transmitting the firstauthentication value from the proximity device to a terminal; includingthe first authentication value in a discretionary data field of messagedata, the message data being arranged in a format including at least oneof an ISO Track 1 and an ISO Track 2 format; transmitting the messagedata from the terminal to an issuer; calculating a second authenticationvalue by an issuer using a second authentication key and the messagedata; and comparing the second authentication value to the firstauthentication value by the issuer.

BRIEF DESCRIPTION OF THE DRAWINGS

Further objects, features, and advantages of the invention will becomeapparent from the following detailed description taken in conjunctionwith the accompanying figures showing illustrative embodiments of theinvention.

FIG. 1 is a diagram of the interacting components of a system forconducting a transaction using a dynamic authentication value in adiscretionary data field according to an exemplary embodiment of thepresent invention;

FIG. 2 is a diagram illustrating an exemplary layout of data arranged ina Track 1 format;

FIG. 3 is a diagram illustrating an exemplary layout of data arranged ina Track 2 format;

FIG. 4 is a diagram illustrating a layout of the discretionary datafield of FIG. 2 in one exemplary embodiment of the present invention;

FIG. 5 is a diagram illustrating a layout of the discretionary datafield of FIG. 3 in one exemplary embodiment of the present invention;

FIG. 6 is a flow diagram illustrating a exemplary process whereby atransaction is conducted between a proximity device and an issuer;

FIG. 7 is a flow diagram illustrating a exemplary process whereby anauthentication value is calculated by a proximity chip;

FIG. 8 is a flow diagram illustrating a exemplary process whereby aproximity device is verified by an issuer;

FIG. 9 is a diagram illustrating an exemplary computer system forperforming the procedures illustrated in FIGS. 1-8; and

FIG. 10 is a block diagram illustrating an exemplary processing sectionfor use in the computer system illustrated in FIG. 9.

While the subject invention will now be described in detail withreference to the figures, it is done so in connection with theillustrative embodiments. It is intended that changes and modificationscan be made to the described embodiments without departing from the truescope and spirit of the subject invention as defined by the appendedclaims.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 depicts an exemplary system for conducting transactions accordingto the present invention. The illustrated system includes a proximitydevice 102 which includes a proximity chip 103 and contactlesscommunication interface circuitry 105. The proximity device 102 can bein the form of a credit card and can include a magnetic stripe. Theproximity device 102 can also take other forms, such as a key fob,and/or can be incorporated into a mobile phone or a watch. The proximitydevice 102 transmits a dynamically generated authentication value 104 toa terminal 106. The authentication value is typically transmitted via anRF (radio frequency) signal. The authentication value is formatted in adiscretionary data field 108 of Track 1 and/or Track 2 and transmittedto an issuer 110, typically through a computer network 109. Theformatting can take place in either the proximity device 102 or in theterminal 106.

The layout of exemplary data arranged in ISO Track I format isillustrated in FIG. 2. The Track I layout includes a start sentinel 202,followed by a format code 204, followed by a primary account number 206,followed by a field separator 208, followed by a service code 210,followed by the name of the account holder 212, followed by a fieldseparator 214, followed by an expiry date 216, followed by discretionarydata 218, followed by an end sentinel 220, and finally by a longitudinalredundancy check 222. The discretionary data 218 can include a randomnumber 402, a counter value 404, and a dynamic authentication value 406,as depicted in FIG. 4.

The layout of exemplary data arranged in ISO Track 2 format isillustrated in FIG. 3. The Track 2 layout includes a start sentinel 302,followed by a primary account number 304, followed by a field separator306, followed by a service code 308, followed by an expiry date 3 10,followed by discretionary data 312, followed by an end sentinel 314, andfinally by a longitudinal redundancy check 316. The discretionary data312 can include a random number 502, a counter 504, and a dynamicauthentication value 506, as depicted in FIG. 5.

FIG. 6 illustrates an exemplary procedure for conducting a transactionusing the system illustrated in FIG. 1. Optionally, the terminal 106 cancheck to ensure that only one proximity device 102 is within itsoperating field (step 602). If more than one proximity device 102 iswithin the operating field, the terminal can prompt the user to choosewhich proximity device is to be used (step 603). In any case, theterminal 106 or the issuer 110 or the proximity device 102 generates arandom number (step 604). The random number can be generated, forexample, by a conventional random number generation algorithm or by ahardwired random number generator, and can be in BCD or hexadecimal-(HEX) format. Such random number generation algorithms and hardwiredrandom number generators are well known in the art. The terminal 106transmits an authentication command containing the random number to theproximity device 102 (step 606). The proximity device 102 contains aproximity chip 103, which maintains a binary counter and increases thecounter each time an authentication command is received (step 608). Thecounter can be in BCD or HEX or binary format. The proximity chip 103within the proximity device 102 derives a first authentication valueusing a first authentication key from the random number received (step610). If a DES (Data Encryption Standard) security infrastructure isbeing used, the first authentication key is preferably a secret keywhich is shared with the issuer. If a Public Key Infrastructure (PKI) isbeing used, the first authentication key is preferably a private keyassociated with the particular proximity device. In any case, the firstauthentication key can be stored, for example, in the memory of theproximity chip 103. Contactless communication interface circuitry 105can be included as part of the proximity chip 103, or it can be separatefrom the chip. The proximity device 102 includes the firstauthentication value in a set of message data—optionally, in thediscretionary data field of Track 1 and/or Track 2 message data—(step614) and transmits the message data contactlessly to the terminal 106(step 616) via the contactless interface 105. The message data alsoincludes the random number and a counter value maintained by theproximity chip 103, or representations thereof. Preferably, the randomnumber or representation thereof in the message data is verified (step617) at the terminal 106 by comparing it with the random numberpreviously transmitted to the device 102. The representation of therandom number can be, for example, the final 3 digits of a longer numberpreviously transmitted to the device. If the first authentication valuewas not formatted (in step 614) by the proximity device 102 as part ofthe discretionary data field of Track 1 and/or Track 2 message data,this formatting can be performed by the terminal 106, or by an agent ofan issuer 110. The agent can be an issuer application running on auser's computer—e.g. a PC with proximity device reader. In any case, theterminal 106 or the proximity device 102 converts remaining data in HEXor binary format into BCD (step 617). The terminal 106 transmits thedata arranged in a Track 2 format 104 for verification (step 618).Verification is typically performed by an issuer 110. Using a secondauthentication key,—which if DES security is being used, is—presumablythe same key as the first authentication key stored in the proximitydevice 102, the issuer 110 calculates a second authentication valueusing message data received from the proximity device via the terminal(step 622). If PKI is being used, the second authentication key ispresumably the public key associated with the private key of theproximity device. To verify the transaction, the issuer 110 compares thefirst authentication value with the second authentication value (step624) and either accepts (step 626) or rejects (step 628) the transactiondepending on whether the values match.

The proximity device 102 preferably supports various features, such asan authentication key, a secure messaging key to write to memory areasthat are protected, and a manufacturer cryptographic key. Themanufacturer cryptographic key allows an issuer to securely load theauthentication key, the secure messaging key, and payment related data.Single and double length cryptographic keys should be also supported.The proximity device 102 preferably protects data written to the devicememory against deletion or modification, and prohibits the externalreading of memory locations containing a cryptographic key. Theproximity device 102 should also maintain a binary counter, preferablyhaving at least 15 bits, and should increase the counter (step 608)every time the authenticate command is presented (step 606) to thedevice 102. The device 102 can implement ISO communication interfaceType A, Type B, or both. These well-known interface types are describedin ISO/IEC 14443 parts 1-4, which are incorporated herein by reference.

Preferably, the terminal 106 is configured to be capable of reading amagnetic stripe card as well as a proximity device 102. For a devicecontaining both a magnetic stripe and a proximity chip 103, the terminal106 should first try to perform the transaction using the proximity chipreader, and should use the magnetic stripe if there is an error incommunicating with the chip.

At least two commands are typically used to send data from the terminal106 to the proximity device 102, a select command and an authenticatecommand. Other commands can also be used, such as the well-known EuropayMastercard Visa (EMV) “get processing options” command. The selectcommand is used to select a proximity chip payment application. Theauthenticate command initiates computation of the dynamic authenticationcode within the proximity device. The response to the authenticatecommand from the device 102 can contain Track 2 formatted data, thedevice serial number, and transaction flags.

The preferred method of calculating the dynamic authentication value isthe well known DES technique. The proximity device 102 preferablycalculates the dynamic authentication by the following steps, asdepicted in FIG. 7. First, a string of bits is constructed byconcatenating, from left to right, the four rightmost bits of eachcharacter of the primary account number (up to 16×4=64 bits), the expirydate (4×4=16 bits), and the service code (3×4=12 bits) (step 702). Alsoconcatenated to the bit string are the device proximity chip counter (15bits) and the 5-digit random number (5×4=20 bits) generated by theterminal 106 (step 704). The bit string is padded with binary zeros to amultiple of 64 bits (typically, to a total of 128 bits) (step 706). Forexample, the Track 2 “discretionary data” field 312 is 13 BCD when theprimary account number is 16 BCD and the DES calculation of thediscretionary data field 312 uses all 13 BCD. When the primary accountnumber is less than 16 BCD, the issuer can increase the size of thedynamic authentication value field 506 in the discretionary data field312 beyond 3 BCD digits. Next, an 8-byte MAC (Message AuthenticationCode) is calculated using the proximity chip secret authentication key(single or double length) (step 708). The first 3 numeric digits (0-9)from left to right are extracted from the HEX result of the second stepabove (step 710). If less than 3 digits are found (step 712), charactersA to F from left to right are extracted from the result of step 708 and10 is subtracted to compensate for decimals, until 3 digits are found(step 716). The first three digits found are used as the dynamicauthentication value (step 714).

Preferably, the proximity chip 103 converts the proximity chip counter(15-bit) to BCD using the following steps. First, the chip selects theleftmost 3 bits of the counter, adds a zero bit to the left, andconverts the result to BCD. Next, the chip selects the next 3 bits ofthe counter, adds a zero bit to the left and converts the result to BCD.The chip performs the second step an additional 3 times to translate the15 bit counter to 5 BCD characters. If the above described procedure isused for converting the counter to BCD, each BCD digit will range from 0to 7. This procedure is beneficial for simplifying the implementation ofthe hardware and/or software required to convert to BCD in a reducedfunctionality proximity device. Alternately the counter in the proximitychip 103 can itself be in BCD format, in which case the same format ispreferably used in the issuer host system. A BCD-encoded counter makesit possible to increase the size of the maximum counter value to 99,999in the chip using decimal counting (5 BCD characters, 4 bits percharacter using only BCD 0-9 characters), although this typicallyrequires more processing logic in the chip.

The proximity device 102 replaces the discretionary data field 312 ofTrack 2 with the random number (5 BCD) field 502, the proximity chipcounter (5 BCD) field 504, and the dynamic authentication value (3 ormore BCD) field 506. The proximity device 102 returns the Track 2 datato the terminal 106 in the response to the authenticate command (step616). The Track 2 data (maximum 19 ‘8 bit’ binary bytes) may be TLV (TagLength Value) coded (Tag=“57”). The Track 2 data is assembled asfollows, using 4-bit BCD values. A start sentinel is followed by theprimary account number (up to 16 BCD). This is followed by a fieldseparator, which may be Hex. ‘D’. This is followed by an expirationdate, which may be 4 BCD in the format of YYMM. This can be followed bya service code (3 BCD). This may be followed by the dynamicdiscretionary data (13 or more BCD). The discretionary data can includethe random number (5 BCD), followed by the proximity chip counter (5BCD), followed by the dynamic authentication value. The dynamicauthentication value may be 3 BCD when account number is 16 digits, butit can be greater than 3 BCD if account number is less than 16 digits.The discretionary data maybe followed by an end sentinel and alongitudinal redundancy check. Thus, while the discretionary data fieldused on a traditional magnetic stripe card merely contains enoughcharacters to fill out the maximum record length of Track 2 (40characters total) and is generally not verified during a transaction,the discretionary data field used with a proximity device in theillustrated example contains a dynamic authentication value in thediscretionary data of Track 2 used for authentication of the device.

Some proximity chip manufacturers may not be able to produce a reducedfunctionality device that supports a DES algorithm. In such cases, aproprietary method can be used to calculate the device dynamicauthentication value. Preferably, such a proprietary method should havethe following features. A proven proprietary cryptographic algorithmshould be used. The proximity chip counter should have a minimum of 15bits in length. The random number should be 5 digits (5 BCD). Theprimary account number, the expiry date, the service code, the proximitychip counter, and the random number should be included in thecalculation of the dynamic authentication value. The dynamicauthentication value should have a minimum of 3 BCD characters. Theproximity device 102 should be able to replace the Track 2 discretionarydata 306 with the random number, the proximity chip counter, and dynamicauthentication value (minimum 3 BCD). The device 102 should return thewhole Track 2 data, the proximity device serial number and proximitydevice transaction flags and other device data. The random number, theproximity device proximity chip counter, and proximity device generateddynamic authentication value should fit in the discretionary data field312 of the Track 2 data sent to a terminal 106.

Although the preferred method of calculating the dynamic authenticationvalue is the DES method, PKI can also be used.

Each proximity chip authentication key is preferably unique and ispreferably derived from a Master Derivation Key protected by the issuer.The Master Derivation Key should be a double length key. Derivation ofproximity chip keys should preferably be done in a secure cryptographicdevice. The encryption function preferably uses the primary accountnumber and the master derivation key to derive the proximity chipauthentication key. When a double length proximity chip authenticationkey is used, the second part of the key should be derived bycomplementing each bit of the primary account number (1 bits changed to0, 0 bits changed to 1) before the encryption process.

Even if the issuer uses a proprietary authentication method, the keyderivation process should still be similar to the method describedabove. The device authentication key preferably has a minimum of 48 bits(64 for DES). The bit size doubles for a double length device key.

Upon receipt of an authorization request, the issuer performs thefollowing steps. The issuer determines if the request originates from aproximity device 102, in order to initiate processing specific toproximity devices (step 802). The issuer can do this by a decoding dataelement (61 position 10) which the terminal would set to a value of ‘7’to indicate that the request originated from a proximity device that theterminal has read. Alternately, or in addition, the issuer can list intothe cardholder database the primary account numbers assigned to theproximity device 102. The issuer host system should, for each proximitydevice 102, keep track of the proximity chip counter and verify that theproximity chip counter received is the next sequential number (step804). Verification of the proximity chip counter can be used to preventtransaction replay. Repeated counter values can also indicate thatpreviously used proximity chip Track 2 data has been fraudulentlyobtained and is now being used by an unauthorized person. Using aproximity chip authentication key, the issuer calculates the proximitydevice dynamic authentication value as described above using the primaryaccount number, expiry date, service code from the received Track 2, andthe authentication data (proximity chip counter, random number) in theTrack 2 discretionary field (step 808). The issuer compares thecalculated dynamic authentication value to the one in the proximitydevice Track 2 discretionary data field (step 810) and either accepts(step 812) or rejects (814) the transaction. The issuer can process theauthorization as a magnetic stripe authorization when the dynamicauthentication value is successfully verified.

Derivation of proximity chip keys and verification of the dynamicauthentication value should preferably be done in a secure cryptographicdevice, such as a host security module.

It will be appreciated by those skilled in the art that the methods ofFIGS. 1-8 can be implemented on various standard computer platformsoperating under the control of suitable software defined by FIGS. 1-8.In some cases, dedicated computer hardware, such as a peripheral card ina conventional personal computer, can enhance the operational efficiencyof the above methods.

FIGS. 9 and 10 illustrate typical computer hardware suitable forperforming the methods of the present invention. Referring to FIG. 9,the computer system includes a processing section 910, a display 920, akeyboard 930, and a communications peripheral device 940 such as amodem. The system typically includes a digital pointer 990 such as a“mouse”, and can also include other input devices such as a card reader950 for reading an account card 900. In addition, the system can includea printer 960. The computer system typically includes a hard disk drive980 and one or more additional disk drives 970 which can read and writeto computer readable media such as magnetic media (e.g., diskettes orremovable hard disks), or optical media (e.g., CD-ROMS or DVDs). Thedisk drives 970 and 980 are used for storing data and applicationsoftware.

FIG. 10 is a functional block diagram which further illustrates theprocessing section 910. The processing section 910 generally includes aprocessing unit 1010, control logic 1020, and a memory unit 1050.Preferably, the processing section 910 also includes a timer 1030 andinput/output ports 1040. The processing section 910 can also include aco-processor 1060, depending on the microprocessor used in theprocessing unit. Control logic 1020 provides, in conjunction withprocessing unit 1010, the control necessary to handle communicationsbetween memory unit 1050 and input/output ports 1040. Timer 1030provides a timing reference signal for processing unit 1010 and controllogic 1020. Co-processor 1060 provides an enhanced ability to performcomplex computations in real time, such as those required bycryptographic algorithms.

Memory unit 1050 can include different types of memory, such as volatileand non-volatile memory and read-only and programmable memory. Forexample, as shown in FIG. 10, memory unit 1050 can include read-onlymemory (TOM) 1052, electrically erasable programmable read-only memory(EEPROM) 1054, and random-access memory (RAM) 1056. Various computerprocessors, memory configurations, data structures and the like can beused to practice the present invention, and the invention is not limitedto a specific platform. The steps performed by the processingarrangement are not limited to specific hardware unless the claims sostipulate.

Software defined by FIGS. 1-8 can be written in a wide variety ofprogramming languages, as will be appreciated by those skilled in theart.

The elements of the processing section 910 can be included on aproximity chip 103. A coprocessor 1060 can be used to provide anenhanced ability to perform complex computations in real time, such asthose required for DES and PKI encryption. The ROM 1052 preferablycomprises a secure ROM which stores the first authentication key.

While there have been described what are believed to be the preferredembodiments of the present invention, those skilled in the art willrecognize that other and further changes and modifications may be madethereto without departing from the spirit of the invention, and it isintended to claim all such changes and modifications as fall within thetrue scope of the invention. For example, specific calculations for thedynamic authentication value have been shown for an embodiment with aTrack 2 layout but the invention is also applicable to a Track I layout.

1. A method of conducting a transaction using a proximity device,comprising: dynamically generating a first authentication value;transmitting the first authentication value from the proximity device toa terminal; including the fist authentication value in a discretionarydata field of message data, the message data being arranged in an ISOformat; and transmitting the message data from said terminal forverification.
 2. The method of claim 1, further comprising: generating arandom number; transmitting an authentication command contactlessly fromsaid terminal to said proximity device, the authentication commandincluding said random number, the step of dynamically generating thefirst authentication value comprising using a first authentication keyby the proximity device to derive the first authentication value fromdata comprising at least said random number; calculating a secondauthentication value by an issuer using a second authentication key andsaid message data; and comparing said second authentication value tosaid first authentication value by said issuer to verify thetransaction.
 3. The method of claim 1, wherein the message data isarranged in at least one of an ISO Track 1 format and an ISO Track 2format.
 4. The method of claim 2, further comprising entering user datainto the terminal by a user, wherein the step of generating the randomnumber is performed by the terminal based on the user data
 5. The methodof claim 1, wherein the step of including the first authentication valuein the discretionary data field of the message data is performed by saidterminal.
 6. The method of claim 1, wherein the step of including thefirst authentication value in the discretionary data field of themessage data is performed by said proximity device.
 7. The method ofclaim 1, wherein the step of including the first authentication value inthe discretionary data field of the message data is performed by anagent of an issuer.
 8. The method of claim 1, wherein said proximitydevice is in a form of a credit card.
 9. The method of claim 8, whereinsaid proximity device includes a magnetic stripe.
 10. The method ofclaim 9, wherein said proximity device includes a printed authenticationvalue.
 11. The method of claim 1, wherein said proximity device is in aform of a key fob.
 12. The method of claim 1, wherein said proximitydevice is included in a mobile telephone.
 13. The method of claim 1,wherein said proximity device is included in a watch.
 14. The method ofclaim 2, further comprising: ensuring by the terminal that saidproximity device is an only proximity device within an operating fieldof said terminal before attempting a transaction.
 15. The method ofclaim 1, further comprising: detecting multiple proximity devices by theterminal in an operating field of the terminal; prompting a user toselect one of said multiple proximity devices.
 16. The method of claim2, wherein said data comprising at least said random number furthercomprises at least one of a proximity chip counter, a representation ofthe random number, and a representation of the proximity chip counter.17. The method of claim 2, wherein the proximity device has a counter,the method further comprising increasing the counter by said proximitydevice after a time at which the proximity device is coupled to theterminal.
 18. The method of claim 1, further comprising converting themessage data to a binary coded decimal format by said terminal beforethe step of transmitting the message data from said terminal to saidissuer.
 19. The method of claim 1, wherein the proximity device includesa proximity chip.
 20. The method of claim 2, wherein the secondauthentication key is equal to the first authentication key.
 21. Themethod of claim 2, wherein the first authentication key is a public keyinfrastructure private key and the second authentication key is a publickey infrastructure public key, wherein said public key infrastructurepublic key is associated with said public key infrastructure privatekey.
 22. The method of claim 2, wherein said message data furtherincludes at least one of a proximity chip counter, the random number, arepresentation of the random number, and a representation of theproximity chip counter.
 23. The method of claim 22, further comprisingcomparing by said terminal said message data to at least one of therandom number and a representation of the random number.
 24. The methodof claim 22, farther comprising comparing by said issuer said messagedata to at least one of the random number and a representation of therandom number.
 25. The method of claim 2, wherein the step of generatingthe random number is performed by the terminal.
 26. A system forconducting a transaction using a proximity device, comprising aprocessing arrangement configured to perform the steps of: dynamicallygenerating a first authentication value; transmitting the firstauthentication value from the proximity device to a terminal; includingthe first authentication value in a discretionary data field of messagedata, the message data being arranged in an ISO format; and transmittingthe message data from said terminal for verification.
 27. A systemaccording to claim 26, wherein the processing arrangement is furtherconfigured to perform the steps of: generating a random number;transmitting an authentication command contactlessly from said terminalto said proximity device, the authentication command including saidrandom number, the step of dynamically generating the firstauthentication value comprising using a first authentication key by theproximity device to derive the first authentication value from datacomprising at least said random number; calculating a secondauthentication value by an issuer using a second authentication key andsaid message data; and comparing said second authentication value tosaid first authentication value by said issuer to verify thetransaction.
 28. A system according to claim 26, wherein the messagedata is arranged in at least one of an ISO Track 1 format and an ISOTrack 2 format.
 29. A system according to claim 27, wherein the terminalis configured to receive user data from a user; the terminal beingconfigured to perform the step of generating the random number based onthe user data.
 30. A system according to claim 26, wherein the terminalis configured to perform the step of including the first authenticationvalue in the discretionary data field of the message data.
 31. A systemaccording to claim 26, wherein the proximity device is configured toperform the step of including the first authentication value in thediscretionary data field of the message data.
 32. A system according toclaim 26, further comprising an agent of an issuer, the agent beingconfigured to perform the step of including the first authenticationvalue in the discretionary data field of the message data.
 33. A systemaccording to claim 26, wherein said proximity device is in a form of acredit card.
 34. A system according to claim 33, wherein said proximitydevice includes a magnetic stripe.
 35. A system according to claim 34,wherein said proximity device includes a printed authentication value.36. A system according to claim 26, wherein said proximity device is ina form of a key fob.
 37. A system according to claim 26, wherein saidproximity device is included in a mobile telephone.
 38. A systemaccording to claim 26, wherein said proximity device is included in awatch.
 39. A system according to claim 27, wherein the terminal isconfigured to perform the step of ensuring that said proximity device isan only proximity device within an operating field of said terminalbefore attempting a transaction.
 40. A system according to claim 26,wherein the terminal is configured to perform the steps of: detectingmultiple proximity devices in an operating field of the terminal;prompting a user to select one of said multiple proximity devices.
 41. Asystem according to claim 27, wherein said data comprising at least saidrandom number further comprises at least one of a proximity chipcounter, a representation of the random number, and a representation ofthe proximity chip counter.
 42. A system according to claim 27, whereinthe proximity device has a counter, the proximity device is configuredto perform the step of increasing the counter by said proximity deviceafter a time at which the proximity device is coupled to the terminal.43. A system according to claim 26, wherein the terminal is configuredto perform the step of converting the message data to a binary codeddecimal format before the step of transmitting the message data fromsaid terminal to said issuer.
 44. A system according to claim 26,wherein the proximity device includes a proximity chip.
 45. A systemaccording to claim 27, wherein the second authentication key is equal tothe first authentication key.
 46. A system according to claim 27,wherein the first authentication key is a public key infrastructureprivate key and the second authentication key is a public keyinfrastructure public key, wherein said public key infrastructure publickey is associated with said public key infrastructure private key.
 47. Asystem according to claim 27, wherein said message data further includesat least one of a proximity chip counter, the random number, arepresentation of the random number, and a representation of theproximity chip counter.
 48. A system according to claim 47, wherein theterminal is configured to perform the step of comparing said messagedata to at least one of the random number and a representation of therandom number.
 49. A system according to claim 47, wherein the issuer isconfigured to perform the step of comparing said message data to atleast one of the random number and a representation of the randomnumber.
 50. A system according to claim 27, wherein the terminal isconfigured to perform the step of generating the random number.
 51. Acomputer-readable medium for conducting a transaction using a proximitydevice, the computer-readable medium having a set of instructionsoperable to direct a processor to perform the steps of: dynamicallygenerating a first authentication value; transmitting the firstauthentication value from the proximity device to a terminal; includingthe first authentication value in a discretionary data field of messagedata, the message data being arranged in an ISO format; and transmittingthe message data from said terminal for verification.
 52. Acomputer-readable medium according to claim 51, wherein the set ofinstructions is further operable to direct the processor to perform thesteps of: generating a random number; transmitting an authenticationcommand contactlessly from said terminal to said proximity device, theauthentication command including said random number, the step ofdynamically generating the first authentication value comprising using afirst authentication key by the proximity device to derive the firstauthentication value from data comprising at least said random number;calculating a second authentication value by an issuer using a secondauthentication key and said message data; and comparing said secondauthentication value to said first authentication value by said issuerto verify the transaction.
 53. A computer-readable medium according toclaim 51, wherein the message data is arranged in at least one of an ISOTrack 1 format and an ISO Track 2 format.
 54. A computer-readable mediumaccording to claim 52, wherein the computer-readable medium is furtheroperable to direct the terminal to receive user data from a user, thestep of generating the random number being performed by the terminalbased on the user data.
 55. A computer-readable medium according toclaim 51, wherein the step of including the first authentication valuein the discretionary data field of the message data is performed by saidterminal.
 56. A computer-readable medium according to claim 51, whereinthe step of including the first authentication value in thediscretionary data field of the message data is performed by saidproximity device.
 57. A computer-readable medium according to claim 51,wherein the step of including the first authentication value in thediscretionary data field of the message data is performed by an agent ofan issuer.
 58. A computer-readable medium according to claim 51, whereinsaid proximity device is in a form of a credit card.
 59. Acomputer-readable medium according to claim 58, wherein said proximitydevice includes a magnetic stripe.
 60. A computer-readable mediumaccording to claim 59, wherein said proximity device includes a printedauthentication value.
 61. A computer-readable medium according to claim51, wherein said proximity device is in a form of a key fob.
 62. Acomputer-readable medium according to claim 51, wherein said proximitydevice is included in a mobile telephone.
 63. A computer-readable mediumaccording to claim 51, wherein said proximity device is included in awatch.
 64. A computer-readable medium according to claim 51, wherein theset of instructions is further operable to direct the processor toperform the step of ensuring by the terminal that said proximity deviceis an only proximity device within an operating field of said terminalbefore attempting a transaction.
 65. A computer-readable mediumaccording to claim 52, wherein the set of instructions is furtheroperable to direct the processor to perform the steps of: detectingmultiple proximity devices by the terminal in an operating field of theterminal; prompting a user to select one of said multiple proximitydevices.
 66. A computer-readable medium according to claim 52, whereinsaid data comprising at least said random number further comprises atleast one of a proximity chip counter, a representation of the randomnumber, and a representation of the proximity chip counter.
 67. Acomputer-readable medium according to claim 52, wherein the proximitydevice has a counter, the set of instructions is further operable todirect the processor to perform the step of increasing the counter bysaid proximity device after a time at which the proximity device iscoupled to the terminal.
 68. A computer-readable medium according toclaim 51, wherein the set of instructions is further operable to directthe processor to perform the step of converting the message data to abinary coded decimal format by said terminal before the step oftransmitting the message data from said terminal to said issuer.
 69. Acomputer-readable medium according to claim 51, wherein the proximitydevice includes a proximity chip.
 70. A computer-readable mediumaccording to claim 52, wherein the second authentication key is equal tothe first authentication key.
 71. A computer-readable medium accordingto claim 52, wherein the first authentication key is a public keyinfrastructure private key and the second authentication key is a publickey infrastructure public key, wherein said public key infrastructurepublic key is associated with said public key infrastructure privatekey.
 72. A computer-readable medium according to claim 52, wherein saidmessage data further includes at least one of a proximity chip counter,the random number, a representation of the random number, and arepresentation of the proximity chip counter.
 73. A computer-readablemedium according to claim 72, wherein the set of instructions is furtheroperable to direct the terminal to perform the step of comparing saidmessage data to at least one of the random number and a representationof the random number.
 74. A computer-readable medium according to claim72, wherein the set of instructions is further operable to direct anagent of the issuer to perform the step of comparing said message datato at least one of the random number and a representation of the randomnumber.
 75. A computer-readable medium according to claim 52, whereinthe step of generating the random number is performed by the terminal.